Re: Splunk Universal Forwarder agent support for A...

vk2 · ‎02-29-2024

Is splunk forwarder agent 9.2.0.1 supported on Amazon Linux 2023 x86/arm OS using RPM file.

Got error while starting splunk service.
tcp_conn_open_afux ossocket_connect failed with No such file or directory
tcp_conn_open_afux ossocket_connect failed with No such file or directory
tcp_conn_open_afux ossocket_connect failed with No such file or directory

PickleRick · ‎03-01-2024

UFs are supported on a relatively wide range of equipment and OS versions (and even if the current UF doesn't support your older hardware or OS release you can still use an older version of UF within the compatibility boundaries - and sometimes even beyond that but I wouldn't advise running UFs that old anyway).

if I'm not mistaken, the error is from the service trying to connect to a running splunkd instance.

Check your splunkd.log to see what's going on.

Also - how did you install that forwarder? RPM? Or just unpacked the tgz?

kiran_panchavat · ‎03-01-2024

@vk2 You can check the below document, Splunk universal forwarder is compatible with Linux OS which is having kernel 4.x or higher. If you have kernel 3.x , Splunk supports this platform and architecture, but might remove support in a future release.

https://docs.splunk.com/Documentation/Splunk/latest/Installation/Systemrequirements#Confirm_support_...

Splunk Universal Forwarder agent support for Amazon Linux 2023 x86/arm

universal forwarder

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?